
Can I make PHP automatically escape HTML chars when using <?= ?>?

I am using unescaped data for example some string " <>> ' blah.

This causes trouble when I do this:

<input value="<?= $my_string ?>">

Which results in:

<input value="some string " <>> ' blah">

Is there a way to tell php to call htmlspecialchars on everything before printing it to the html document using <?= ?> so I don’t have to call it manually every time?

Answer

No, this is not possible. But you could make a shortcut method for that. For example, like this:

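// Shortcut for escaping output in HTML text and quoted attribute values.
function h($string){
     // ENT_QUOTES also escapes single quotes (not the default before PHP 8.1).
     return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}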
User contributions licensed under: CC BY-SA
8 People found this is helpful
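
One way to get closer to escaping by default, as an added example that is not part of the original answer: hand the template an object that escapes every variable when it is read, with an explicit opt-out. `SafeVars` and `raw()` are hypothetical names chosen here, not PHP built-ins.

```php
<?php
// Added example. SafeVars and raw() are hypothetical names, not part of PHP.
final class SafeVars
{
    private array $vars;

    public function __construct(array $vars)
    {
        $this->vars = $vars;
    }

    // Property reads from the template land here, so each one is escaped.
    public function __get(string $name): string
    {
        return htmlspecialchars(
            (string) ($this->vars[$name] ?? ''),
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );
    }

    // Explicit opt-out for values that are already trusted HTML markup.
    // Searching the templates for "raw(" lists every unescaped output.
    public function raw(string $name): string
    {
        return (string) ($this->vars[$name] ?? '');
    }
}

// Constructed sample input: the string from the question.
$v = new SafeVars(['my_string' => 'some string " <>> \' blah']);
?>
<input value="<?= $v->my_string ?>">
```

The quotes and angle brackets in the value are emitted as HTML entities, so the attribute stays intact. This escaping is correct for HTML text and quoted attribute values only; output placed inside script blocks or URLs needs encoding for that context instead.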